Netcraft launches phishing attack map
We’ve been watching Netcraft for some time. At first, as they spidered the entire internet, we thought they might head in the direction of a typical search engine. They did not. Many hackers and information security experts have leveraged their ‘free’ fingerprint of every web domain on the internet – to either attempt to breach them or to point out to their customers or themselves why they needed newer servers, software and patch updates.
We continue to watch Netcraft innovate – now with their new phishing attack map, which provides a real-time visualisation of the phishiest countries in the world. According to Netcraft, measurements are determined by using IP address delegation information to attribute current phishing sites in our Phishing Site Feed to countries. Netcraft then use the number of active sites found by their Web Server Survey to calculate and display the ratio of phishing attacks to web sites in each country.
A few themes become immediately apparent when studying the map. Countries with poor internet access may host very few phishing attacks, or even none at all, and therefore may appear very safe; however, countries with an extremely small number of websites can prove very volatile: For example, the Falkland Islands appears incredibly phishy by virtue of the fact that out of only 38 active sites hosted in that country, one of them is currently blocked for phishing.
Countries which respond slowly to taking down phishing sites are more likely to have a higher proportion of their sites engaged in phishing at any one time. As the map displays only currently blocked phishing attacks, this characteristic is highlighted particularly well in Morocco, which is the second phishiest country with nearly 200 of its 11,000 sites blocked.
Fraudsters commonly host their phishing sites on compromised servers, as this does not require a purchasing transaction, making it more difficult to correctly identify the perpetrators. Shared hosting services tend to be the least secure, so countries with a large number of sites running on shared hosts are likely to attract the attention of fraudsters.
Countries which host a large number of vulnerable and commonly targeted web applications consequently host a large number of phishing attacks, notwithstanding their responsiveness to takedown requests. This perhaps explains why the US appears phishier than either Russia or China, and some US hosting companies host more phishing attacks than entire European countries, as they provide proportionately more WordPress and hosting control panel administered sites, plus shared IP hosting configurations that allow customer content to be accessed from any domain that resolves to the same IP address. Our datasets show that these are the most favoured platforms for hosting fraudulent content on compromised servers.
Check out their innovative world phishing map by clicking here.
(Sources: CDM and Netcraft)